Previously, cyberattacks were carried out by humans: hackers infiltrated systems, stole data, and demanded ransom. However, there is now a first case where the entire cyberattack was executed by an artificial intelligence (AI) agent.
Details of the JadePuffer Attack
Security researchers named this AI agent JadePuffer. They claim this is the first documented instance where AI independently performed almost all technical aspects of a ransomware attack. This news has caused serious concern in the cybersecurity field, as AI's ability to self-exploit could lead to faster and more dangerous attacks in the future.
How Ransomware Works
Ransomware is a dangerous type of malware. When it enters a company's or private individual's system, it encrypts or locks files and data. Afterward, attackers demand a ransom for the return of the data; otherwise, the data may be permanently lost or published online. Until now, hackers made decisions at every stage of such attacks, but in the case of JadePuffer, the AI made many decisions autonomously.
Attack Progression and Self-Correction
According to the cloud security company Sysdig's research, JadePuffer first penetrated the server by exploiting an old vulnerability in the security system. It then independently scanned the system, found API keys and other passwords, gained access to other servers, and finally encrypted the data. Furthermore, the AI itself prepared the ransom note. Researchers noted a striking moment: when the AI encountered a problem at any stage, it corrected the error itself and continued the attack using the next method approximately 31 seconds later, eliminating the need for constant human instructions.
The Role of Humans in the Attack
Although some initial reports suggested the entire attack proceeded without human involvement, Sysdig's Director of Research later clarified that a human selected the target, prepared the necessary infrastructure, and provided initial access. The technical part of the attack was then taken over by the AI agent. Thus, the AI did not act completely in isolation, but it performed many major tasks instead of the hacker.
Threats to Society and Defense
Experts believe that if AI can independently penetrate systems, find data, search for passwords, correct errors, and demand ransom, such attacks could be conducted in large numbers and in a short time, making large-scale attacks easier even for small cybercriminals. Currently, the JadePuffer incident involves corporate servers, and there is no confirmation of attacks on personal phones or laptops of ordinary users. Nevertheless, if AI-based tools continue to improve, banks, hospitals, government institutions, and large corporations could become more frequent targets in the future, leading to negative consequences for ordinary citizens.
Countermeasures
Cyber experts advise companies and institutions to update their software and servers promptly. It is critically important to immediately eliminate outdated vulnerabilities, as JadePuffer utilized a previously existing weakness. Additionally, the importance of using multi-factor authentication, regular backups, and continuous security monitoring has significantly increased.